Hello community,
here is the log from the commit of package net-snmp for openSUSE:Factory
checked in at 2012-05-16 12:26:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-snmp (Old)
and /work/SRC/openSUSE:Factory/.net-snmp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "net-snmp", Maintainer is "lchiqui...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes 2012-04-17
22:00:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.net-snmp.new/net-snmp.changes 2012-05-16
12:26:24.000000000 +0200
@@ -1,0 +2,6 @@
+Mon May 14 17:39:17 UTC 2012 - lchiqui...@suse.com
+
+- fix array index error that could lead to a crash (CVE-2012-2141)
+ (bnc#759352)
+
+-------------------------------------------------------------------
New:
----
net-snmp-5.7.1-fix-array-index-error.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ net-snmp.spec ++++++
--- /var/tmp/diff_new_pack.PXJxKf/_old 2012-05-16 12:26:26.000000000 +0200
+++ /var/tmp/diff_new_pack.PXJxKf/_new 2012-05-16 12:26:26.000000000 +0200
@@ -76,6 +76,7 @@
Patch21: net-snmp-5.7.1-more-robust-handling-of-agentx-errors.patch
Patch22: net-snmp-5.7.1-report-problems-with-setundo-processing.patch
Patch23:
net-snmp-5.7.1-fix-snmpd-crashing-when-an-agentx-disconnects.patch
+Patch24: net-snmp-5.7.1-fix-array-index-error.patch
#
Summary: SNMP Daemon
License: BSD-3-Clause ; MIT
@@ -237,6 +238,7 @@
%patch21 -p1
%patch22 -p1
%patch23 -p1
+%patch24 -p1
%build
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
++++++ net-snmp-5.7.1-fix-array-index-error.patch ++++++
commit 4c5633f1603e4bd03ed05c37d782ec8911759c47
Author: Robert Story <rst...@freesnmp.com>
Date: Mon May 14 11:40:06 2012 -0400
NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash
Index: net-snmp-5.7.1/agent/mibgroup/agent/extend.c
===================================================================
--- net-snmp-5.7.1.orig/agent/mibgroup/agent/extend.c
+++ net-snmp-5.7.1/agent/mibgroup/agent/extend.c
@@ -1209,7 +1209,7 @@ _extend_find_entry( netsnmp_request_info
* ...and check the line requested is valid
*/
line_idx = *table_info->indexes->next_variable->val.integer;
- if (eptr->numlines < line_idx)
+ if (line_idx < 1 || line_idx > eptr->numlines)
return NULL;
}
}
@@ -1380,6 +1380,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_
* Determine which line we've been asked for....
*/
line_idx = *table_info->indexes->next_variable->val.integer;
+ if (line_idx < 1 || line_idx > extension->numlines) {
+ netsnmp_set_request_error(reqinfo, request,
SNMP_NOSUCHINSTANCE);
+ continue;
+ }
cp = extension->lines[line_idx-1];
/*
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
